Follows on from part one.
Expert on all things cybersecurity, Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, continues to discuss what effect hacking and web security are having on the modern tech world.
How are mobile devices now being targeted?
We have many scams involving fake fraudulent applications. However, if you’re using [app stores] to get [precarious apps] or an application with excessive access to your data, the situation is a little bit more dangerous because Google is known to be more lenient for approving complications. People who install applications from certain stores or who have a jailbroken iPhone or a rooted Android device can find themselves at considerable risk. You certainly see some use of Apple is releasing critical updates for iOS, to make sure that their users will remain safe. So those who do not update their iPhones or Android devices may face a loss of data because there are several vulnerabilities that are simple but can lead to big exploitations through just an SMS or image pop-ups – then your mobile phone will be under the control of a third party.
The good news is that such vulnerabilities are usually difficult to exploit and it’s likely there will be no attack on your device unless you’re exposed or someone has paid a lot of money to chase a zero-day vulnerability affecting iOS and to breach your device. So, I’d keep your mobile device up to date, do not click on any untrusted links from WhatsApp or the wider SMS world whatsoever. Do not install any untrusted applications, even if they’re coming from, let’s say, the Apple Store. Make sure that the application has at least a couple of reviews, and there’s a considerable number of users who have already installed it. And then you can probably consider installing this application as well.
What do you feel about virtual patching as a response to the cybersecurity skills shortage?
I don’t think it’s a substantial improvement. It’s not something that will be applicable for all cybersecurity in web applications. But it can be helpful and it’s an example of how we can optimise a certain process. Let’s say, for example, when you have 10 vulnerabilities on your website. Normally you should ask your developers to remediate them. However, sometimes you don’t know where the developers are located because you inherited your website from a previous IT team and the developers don’t work there anymore. Sometimes it was developed by a third party and you have no contact with them anymore. Sometimes your developers have no time or no skills whatsoever to properly and timely remediate the issue. So, a web application firewall sits between your website and the internet and blocks exploitation attempts of these vulnerabilities. So, vulnerabilities will remain. It will not fix that part, which is ok. However, most of the exploitation vectors, many things like you know are here. Imagine you build a glass dome over it so people who are trying to pick it up can still see problems. Things can be stolen and can be taken from there. The vulnerability remains and can be exploited.
What about artificial intelligence and machine learning, how are they helping with cybersecurity?
These days we have a lot of hype and a lot of misunderstanding involving AI and machine learning. If they are probably properly implemented, AI and machine learning can considerably reuse routines routing panel, allowing time-saving to prevail. These days many cybersecurity professionals need their precious time. Giving machines certain jobs can probably resolve a cybersecurity skills shortage using machine learning, too. I personally believe that we do not have a cybersecurity skills shortage, but claims by some of the research say we do. I’d rather say if we can enable our existing experts to spend their time on more relevant topics, more important and more business-critical tasks by folding some of the routine and time-consuming stuff they have every day by Intelligent Automation by usage of machine learning. This will greatly help and probably reduce the cybersecurity shortage by 90%. It can free our hands and enable people to focus on something that truly deserves their time or the genius of human intelligence.
Ultimately, what would be the one piece of advice that you give to people to protect themselves from hackers?
Don’t be scared! That’s very important. Cybersecurity is not rocket science. You don’t need to have a Master’s Degree in cybersecurity to follow your common sense. If you receive an email about these unexpected things that seem too good to be true, do not respond, do not click, and do not open. Keep your devices, your computers and mobile phones up to date. Keep them in order, meaning do not install 20,000 applications from multiple vendors. Follow your common sense and you will likely be safe. You will likely avoid the majority of the most common, most widespread security dangers and risks.